V-045: Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions

December 12, 2012 - 2:00am

PROBLEM:

Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions

PLATFORM:

ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX

ABSTRACT:

A vulnerability was reported in Adobe ColdFusion.

REFERENCE LINKS:

SecurityTracker Alert ID: 1027853
Adobe Vulnerability identifier: APSB12-26
CVE-2012-5675

IMPACT ASSESSMENT:

High

DISCUSSION:

Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.

IMPACT:

A remote authenticated user or a local user can obtain elevated privileges on the target system.

SOLUTION:

Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote
